Skip to main content

Quickstart

This guide gets Border running in your Node.js application.

1. Install

npm install @dotsetlabs/border

2. Initialize

Add a single import at the top of your entry file: 
import { init } from "@dotsetlabs/border";

init();
That’s it. All outbound fetch() and http.request() calls are now monitored.

3. Configure Destinations

Define what PII types are allowed for each destination: 
init({
  destinationPolicies: [
    // Payment processor needs credit cards
    { domain: "*.stripe.com", allowedPiiTypes: ["credit_card", "email"] },
    
    // Analytics should never get financial data
    { domain: "*.segment.io", blockedPiiTypes: ["ssn", "credit_card"] },
    
    // Internal APIs bypass all scanning
    { domain: "api.internal.com", bypass: true },
  ],
});

4. Test with Dry-Run

Start in dry-run mode to see what would be redacted without modifying requests: 
init({
  dryRun: true,  // Log detections, don't redact
  debug: true,   // Verbose output
});

Example Output

[Border] Active (dry-run)
[Border] HTTP/HTTPS hooks installed
[Border] Undici/fetch hooks installed

# When a request contains PII:
[Border] DRY-RUN: Would redact 2 PII types in POST https://api.example.com
  - ssn: 1
  - credit_card: 1

5. Enable Protection

Remove dryRun to enable live redaction: 
init({
  destinationPolicies: [
    { domain: "*.stripe.com", allowedPiiTypes: ["credit_card", "email"] },
  ],
  // dryRun: false (default)
});

What Gets Detected

Border detects 20+ PII types including:
CategoryTypes
FinancialCredit cards, IBAN, ABA routing
PersonalEmail, phone, SSN, passport
CredentialsAWS keys, Stripe keys, GitHub tokens, JWTs
NetworkIPv4, IPv6, MAC addresses
See PII Types for the full list.

Next Steps

Configuration

All initialization options

Blessed Destinations

Per-domain policies

Audit Logging

Track redactions for compliance